Talk:Features/Fingerprint

Bastien, wrt to the contingency plan, are the authconfig and gnome-about-me patches smart enough to not offer fingerprint functionality if fprintd is not installed ?

Yes they are :) (BastienNocera)

Q & A by Jack with Bastien

This is an interview I did with Bastien on the fingerprint auth stuff:

1. Can you please give us a quick self introduction and how you got started in Fedora.

Hey, I'm Bastien, I work for Red Hat, and I've been a GNOME contributor for 10 years. I started using Fedora when I joined Red Hat in 2002, and I've been hooked since :)

2. For at least a couple of years now, many laptop models have had built-in fingerprint readers. They never seemed to work well under Linux, despite various bits and pieces of drivers being out there. Can you tell us more about how this feature came about in Fedora 11?

I've had a Dell laptop with the omni-present Thomson fingerprint reader for a couple of years, and I was looking at how I could use it, and make it work out-of-the-box in Fedora. At that time, as far as I remember, the only options were the proprietary upek bits, and thinkfinger, which was a very PAM specific solution.

Around that time, Daniel Drake mentioned that he was working on libfprint, a library to fold the support of different fingerprint readers, with different capabilities, into one supported API, for his BSc in Computer Science.

I got in at about that point. Daniel and I already had a pretty good idea on how we should be architecturing support for the fingerprint readers, and Daniel wrote a first pass at the fprintd D-Bus daemon to present it at his final year project presentation.

When Daniel presented his project, he put all his code up, and I started working on the D-Bus daemon, cleaning up the API, and implementing various front-ends on top of it.

3. In order to accomplish alot of this some significant modifications were necessary to other parts of the distro, i.e. DBus, PAM and authentication dialogs. Can you talk to us a little about what type of work needed to be done to get all the pieces to work together.

It was pretty fun getting to use some new technology. We fixed some bugs in libfprint, re-did the public API, added developer documentation, added PolicyKit integration, added a PAM module, and wrote a nice UI for all that in the GNOME control-center.

We were pretty much done, and then Ray Strode added support to GDM to get multiple PAM stacks. This meant that the user could choose between logging in with a password, or using the fingerprint reader.

4. What are some of the issues that remain to be worked on if any?

Most of the remaining problems fall slightly outside the scope of this project. libusb1 needs a bit of reworking to handle devices appearing and disappearing more gracefully. libfprint needs bug fixes for existing drivers and more drivers (never-ending story). And finally, we need PAM to die die die (or add multiple PAM stacks support to more front-ends).

5. Where do you see the future of this going? Do you expect that we will one day down the line see encrypted filesystems which require biometric authentication to decrypt? How about extending this capability to authentication on the web?

Hehe. The architecture is there to support those, although security concerns will possibly override that. We're still thinking of ways to integrate LDAP authentication, and get the PAM module to unlock the GNOME keyring for us.

6. You are well known as a long time and very involved Fedora contributor. What are some of the other projects you worked on for this release?

I worked on the (oh-so-controversial) volume control, updated Bluetooth management tools, and wrote/updated a driver for Wacom Bluetooth tablets.

But work has already started for Fedora 12. With Dan Williams, we already added Bluetooth PAN support to NetworkManager, and we're working on the front-end bits now. I'd like to do some more work on my old flames, Totem and Rhythmbox.

I also have a drawer full of Bluetooth devices that I need to work on. I'm half-way done adding Geolocation to Firefox, for Linux platforms, using GeoClue. Hopefully I'll be able to finish that and work on some more devices.